
NoVoice Malware Infects 2.3M Android Downloads

Summary

– The “NoVoice” malware was discovered by McAfee researchers hidden in over 50 Google Play Store apps, which had a total of 2.3 million installations.
– Once installed, the malware attempts to gain root access to steal financial login credentials and can install or delete apps without user consent.
– Google states Android devices updated since May 2021 are protected, and Google Play Protect has removed the malicious apps.
– The malware is named for a silent audio file in its code that allows it to run undetected in the background.
– McAfee found the malware failed to infect devices in specific Chinese regions, suggesting the attackers’ origin and a tactic to avoid local law enforcement.

A significant new threat to mobile security has emerged, with a malware strain dubbed NoVoice discovered inside over 50 applications on the Google Play Store. According to a report from Bleeping Computer, these compromised apps were collectively downloaded more than 2.3 million times before being identified. Cybersecurity analysts at McAfee uncovered the malicious code hidden within seemingly legitimate software, including system utilities, games, and photo gallery apps.

This strategy of embedding dangerous payloads within innocent-looking applications is a common and effective attack vector. Users are tricked into installing what appears to be useful software, only to have the NoVoice malware activate upon installation. The malware then aggressively exploits vulnerabilities within the Android operating system in an attempt to gain root access to the device. Achieving this level of control allows attackers to harvest sensitive data like usernames and passwords from financial apps. Furthermore, the malware can silently install or delete other applications without the device owner’s knowledge or consent.

In particularly severe cases, components of such malware can be embedded so deeply that a standard factory reset may not fully eradicate the infection. For the specific NoVoice threat, however, the situation is not as dire for many users. Google has stated that Android devices which have received security updates since May 2021 are protected against this attack. Modern devices like the Pixel 6 Pro, released later in 2021 and updated this year, are therefore shielded.

An intriguing clue about the malware’s origin was uncovered during McAfee’s investigation. The researchers found that the malicious code failed to execute on devices located in specific regions, namely Beijing and Shenzhen in China. This geographic exclusion strongly suggests the attackers’ home country and is a tactic often used to avoid scrutiny from domestic law enforcement agencies.

Google has confirmed that its Google Play Protect security service has automatically removed the identified malicious apps and blocked any new installations. The company reiterated its standard advice, urging all Android users to ensure their devices are running the latest security updates.

While the Bleeping Computer report did not publish a full list of all 50+ affected applications, it highlighted one example: an app called SwiftClean, developed by Biodun Popoola. The malware derives its name from a silent audio file embedded in its code; this file plays at zero volume, allowing the malicious background processes to operate without alerting the user. To guard against such threats, experts consistently recommend downloading apps only from official stores like the Google Play Store and maintaining diligent, regular software updates for your device.

(Source: PhoneArena)
